UPnP / NAT-PMP Inactive Rules Cleaning removing active ports

I normally use NAT-PMP. I understand based on a few threads here that NAT-PMP works similarly to DHCP leases in that eventually the forward will expire and automatically be removed. However, I noticed NAT-PMP forwards that still exist days after the initial forward.

So I turned on inactive rules cleaning. However, whenever the cleaning happens, all forwards, including active ones, are removed.

Is this normal behavior? I thought only inactive ports are closed by inactive rules cleaning, not all of them. This behavior also occurs when UPnP is enabled on both Toastman and Shibby.

Thank you for your reply and for helping to maintain such a wonderful firmware.

I just use the network at home, so for the test I set the cleaning interval to the default 600 seconds and the threshold to 20 forwards. I also opened up various other programs to create forwards which I then closed. I opened up Skype and started a remote Slingbox session to make sure the ports that these software forward are active. Within 11 minutes all the forwards get deleted, including the forwards created by the Slingbox, Skype, and Back to my Mac.

I am currently on an Asus RT-N16 using: tomato-K26USB-1.28.7503.4MIPSR2Toastman-RT-VLAN-VPN-NOCAT.trx

This is a question for the miniupnpd author; the inactive rules cleaning is a feature that is built into miniupnpd itself (see the options in the /etc/upnp/config file). You are welcome to go through the source code.

Thank you for the links. I read the documentation. An app using NAT-PMP makes a request and asks for a lifetime limit (how long it wants the port forwarded) before it expires. Halfway to the limit, the app can ask for more time. So NAT-PMP seems to work like DHCP, instead it's the app (client) that requests how long a port forward should last, not the router (server).

Perhaps the ports that are not deleting are caused by apps that are requesting very long lease times. I will test that and report back.

[The fact that a lease exists for NAT-PMP really makes it way better than UPnP. The port forwards just clean themselves eventually, making inactive rules cleaning unnecessary.]

I figured out the solution to the issue. The way inactive rules cleaning works is during the specified interval (defaulted to 600 seconds), the script checks to see if any data passed through that port. If any data passed, then that port is considered active and the port will remain open. If no data went through the port, the script considers the port dead and deletes it.

Thus, I set inactive rules cleaning to occur every 43200 seconds (12 hours). This seems to have solved my problem.
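
The interval check described in the post above, as a small simulation added here (it is not part of the original thread and is not miniupnpd's own code). The port numbers and traffic patterns are constructed, and the model assumes the cleaner does nothing except compare a per-forward packet count between one pass and the next.

```python
# Constructed model of the check described above; not miniupnpd's own code.

def sweep(traffic, interval, duration):
    """Simulate inactive-rule cleaning.

    traffic  -- {port: [seconds at which a packet crossed that forward]}
    interval -- seconds between cleaning passes
    duration -- total simulated seconds
    Returns {port: second at which the forward was deleted, or None}.
    """
    deleted = {port: None for port in traffic}
    last_count = {port: 0 for port in traffic}
    for now in range(interval, duration + 1, interval):
        for port, times in traffic.items():
            if deleted[port] is not None:
                continue
            # Per-forward packet counter as it stands at this pass.
            count = sum(1 for t in times if t <= now)
            if count == last_count[port]:
                deleted[port] = now      # nothing crossed since the last pass
            else:
                last_count[port] = count
    return deleted

# Constructed sample: three forwards observed over 24 hours.
DAY = 86400
SAMPLE = {
    5060: list(range(0, DAY, 30)),    # busy: one packet every 30 s
    6881: list(range(0, DAY, 3600)),  # still in use, but one packet per hour
    8080: [10],                       # app closed after a single packet
}

def compare():
    """Run the same traffic with a 600 s and a 43200 s cleaning interval."""
    return sweep(SAMPLE, 600, DAY), sweep(SAMPLE, 43200, DAY)

if __name__ == "__main__":
    short, long_ = compare()
    print("600 s interval:  ", short)
    print("43200 s interval:", long_)
```

With the 600-second interval the hourly forward is dropped at the second pass even though its application is still running; with 43200 seconds it survives, but the abandoned forward stays open for the full 24 hours.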